Lead SOC Engineer (OT Cybersecurity)
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
CPX seeks a Lead SOC Engineer to design and implement advanced threat detection in OT environments. The role involves detection engineering, SOAR playbook development, tool integration, and collaboration with SOC analysts.
Key Skills for This Role
Responsibilities
- Design, develop, and fine tune OT specific detection use cases, correlation rules, and analytics within SIEM platforms
- Build, maintain, and optimize SOAR playbooks to automate investigation and response workflows for OT and IT security events
- Create, refine, and document SOC alert logic for high fidelity detection
- Deploy, configure, and optimize OT security platforms such as Dragos, Claroty, and Nozomi
- Integrate OT data sources into SIEM/SOAR and broader SOC workflows
- Partner with SOC analysts and IT/OT teams to validate detections and enhance triage processes
- Ensure detection and response strategies align with NESA, SAMA, NIST 800 82, and IEC 62443
- Lead or support technical investigations involving OT assets during incident response
Requirements
- Minimum of 8 10 years in SOC operations with significant experience in OT cybersecurity
- Prior experience in a lead engineering role within a SOC or industrial cybersecurity environment
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field
- Advanced OT Detection Engineering skills
- Deep protocol expertise with Modbus, DNP3, OPC, IEC 61850
- Extensive experience building OT specific use cases in SIEM platforms (QRadar, Splunk)
- Skilled in onboarding OT telemetry sources into SOC workflows
- Proficient in Python and PowerShell for automation
- Strong communication and collaboration skills
Full Job Posting
Overview
- OT Detection is a senior technical and engineering leader role focused on designing and implementing advanced threat detection capabilities within OT environments.
- Operating within CPX’s hybrid Security Operations Centers (SOCs), this role emphasizes engineering detection logic, integrating OT telemetry, and enhancing visibility across ICS/SCADA systems.
Key Responsibilities
- Detection Engineering: Design, develop, and fine‑tune OT‑specific detection use cases, correlation rules, and analytics within SIEM platforms.
- SOAR Playbook Engineering: Build, maintain, and optimize SOAR playbooks to automate investigation and response workflows for OT and IT security events.
- Alert Development & SOC Enablement: Create, refine, and document SOC alert logic to ensure high‑fidelity detection and smooth operational handover to analysts.
- Tool Integration: Deploy, configure, and optimize OT security platforms such as Dragos, Claroty, and Nozomi.
- Telemetry Onboarding: Integrate OT data sources—including PLC logs, historian data, network telemetry, and asset inventories—into SIEM/SOAR and broader SOC workflows.
- SOC Collaboration: Partner closely with SOC analysts and IT/OT teams to validate detections, enhance triage processes, and ensure seamless integration of OT monitoring capabilities.
- Compliance Alignment: Ensure all detection and response strategies align with relevant regulatory and industry frameworks, including NESA, SAMA, NIST 800‑82, and IEC 62443.
- Incident Support: Lead or support technical investigations involving OT assets, providing deep expertise during incident response activities and post‑incident reviews.
Qualifications
- Minimum of 8–10 years in SOC operations, with significant experience in OT cybersecurity.
- Prior experience in a lead engineering role within a SOC or industrial cybersecurity environment.
- Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field.
- Master’s degree or equivalent recognized cybersecurity certifications preferred.
Skills/Certifications
- Advanced OT Detection Engineering: Proven ability to design and implement high fidelity detection logic tailored to OT environments.
- Deep Protocol Expertise: Strong hands on experience with OT/ICS protocols such as Modbus, DNP3, OPC, IEC 61850.
- SIEM Use Case Development: Extensive experience building and tuning OT specific use cases in SIEM platforms (e.g., QRadar, Splunk).
- Telemetry Integration: Skilled in onboarding OT telemetry sources into SOC workflows.
- Scripting & Automation: Proficient in Python and PowerShell.
- Cross Domain Collaboration: Strong communication and collaboration skills.
- Operational Awareness: Deep understanding of SOC operations, OT threat landscapes, and Middle East industrial environments.
- Certifications: CISSP, CISM, or equivalent; GICSP, GRID, ISA/IEC 62443, Dragos, Nozomi; CCNP/CCIE.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at CPX
SOC Platform Engineer
Abu Dhabi Emirate, UAE
CPX is hiring a SOC Platform Engineer with at least 4 years of experience to manage Threat Intelligence Platforms and other SOC solutions. The role involves platform management, integration with SOC tools, automation dev
Associate Consultant – Cyber Consulting Services
Abu Dhabi Emirate, UAE
We are seeking an Associate Consultant to support Cyber Academy engagements including training, advisory, cyber exercises, and awareness. You will assist in developing training materials, conducting research, and support
Senior Specialist Threat Intelligence Analyst
Abu Dhabi, UAE
CPX is seeking a Lead Threat Intelligence Analyst to conduct all-source intelligence analysis, manage threat intelligence platforms, and produce high-quality assessments. The ideal candidate has 8+ years of experience in
Lead - Threat Intelligence
Abu Dhabi, UAE
CPX seeks a Lead Threat Intelligence Analyst to conduct all-source intelligence analysis, manage threat intelligence platforms, and produce high-quality intelligence products. The role requires strong analytical skills,
Junior Legal Counsel
Abu Dhabi, UAE
CPX is looking for a Junior Legal Counsel to provide legal advice on technology transactions, corporate governance, regulatory, compliance, and intellectual property matters. The role requires 1-3 years of PQE with compl
Specialist - HSE
Abu Dhabi, UAE
CPX seeks an experienced HSE Officer to ensure health, safety, and environmental governance during OT cybersecurity and critical infrastructure projects in substations and control centers. The role involves managing HSE
Lead Consultant - Client Success (CPX)
Abu Dhabi, UAE
CPX is hiring a Lead Consultant to serve as a trusted cybersecurity advisor and client success lead for managed security services clients. The role involves driving customer success, service governance, technical advisor
Lead Engineer - OT Cybersecurity
Abu Dhabi, UAE
CPX is seeking a Lead Engineer - OT Cybersecurity to implement OT cybersecurity solutions in utility environments and substations. The role involves hands-on deployment of cybersecurity technologies, infrastructure desig
SOC Platform Engineer
Abu Dhabi Emirate, UAE
Associate Consultant – Cyber Consulting Services
Abu Dhabi Emirate, UAE
Senior Specialist Threat Intelligence Analyst
Abu Dhabi, UAE
Lead - Threat Intelligence
Abu Dhabi, UAE
Junior Legal Counsel
Abu Dhabi, UAE
Specialist - HSE
Abu Dhabi, UAE
Lead Consultant - Client Success (CPX)
Abu Dhabi, UAE
Lead Engineer - OT Cybersecurity
Abu Dhabi, UAE